Monday, 1 April 2019

Decrypting keys from aws-kms in Ruby

I’m using serverless-kms-secrets on serverless frameword to set some ENV variables I want to consume using Ruby.

I can confirm that the plugin works perfectly, it generated the file with the encrypted variable and I can see the encrypted variable in my environment on AWS lambda. The problem is that I can’t decrypt it in Ruby. The code that decrypts it (correctly) in the plugin is here, I understand it gets the string saved in the file and encodes it using Base64, so no big deal. In Ruby:

token = "blablabla"
client = Aws::KMS::Client.new(region: 'us-east-1')
blob = Base64.encode64(token)
client.decrypt({ciphertext_blob: blob})
....
Aws::KMS::Errors::InvalidCiphertextException ()

The client should get my credentials automatically, but I’m not sure I understand how the keyArn is used, doesn’t look relevant though.

Does anybody have any idea how to solve this?



from Decrypting keys from aws-kms in Ruby
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)